From 775ddef518e5da0c879b922f665de0c8fe3a0263 Mon Sep 17 00:00:00 2001 From: "Simon L. B. Nielsen" Date: Fri, 8 Jul 2005 20:29:16 +0000 Subject: Document bugzilla -- multiple vulnerabilities. --- security/vuxml/vuln.xml | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) (limited to 'security/vuxml') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 3f34f6b6da5f..582fae95d06e 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,46 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> + + bugzilla -- multiple vulnerabilities + + + bugzilla + ja-bugzilla + 2.17.12.18.2 + + + + +

A Bugzilla Security Advisory reports:

+
+

Any user can change any flag on any bug, even if they + don't have access to that bug, or even if they can't + normally make bug changes. This also allows them to expose + the summary of a bug.

+

Bugs are inserted into the database before they are + marked as private, in Bugzilla code. Thus, MySQL + replication can lag in between the time that the bug is + inserted and when it is marked as private (usually less + than a second). If replication lags at this point, the bug + summary will be accessible to all users until replication + catches up. Also, on a very slow machine, there may be a + pause longer than a second that allows users to see the + title of the newly-filed bug.

+
+ +
+ + http://www.bugzilla.org/security/2.18.1/ + https://bugzilla.mozilla.org/show_bug.cgi?id=292544 + https://bugzilla.mozilla.org/show_bug.cgi?id=293159 + + + 2005-07-07 + 2005-07-08 + +
+ nwclient -- multiple vulnerabilities -- cgit v1.2.3
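Review bot: the references at the end of the new entry list only the advisory URL (http://www.bugzilla.org/security/2.18.1/) and the two bugzilla.mozilla.org bug URLs, with no CVE name visible. If identifiers have been assigned for the flag-change issue and the private-bug summary exposure, add them so the entry can be cross-matched with other advisories. The affected block also names both bugzilla and ja-bugzilla under a single version range. Confirm that the ja-bugzilla port follows the same version numbering and received the fix at the same version, otherwise give it its own range.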